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(54) information providing system 

(57) An information providing system comprises an 
encryption unit for encrypting content data using a first 
key. The first key is Included In message data which is 
associated with the content data and is separately 
transmitted to a user site. The message data is also 



encrypted using a second key within a security module. 
The second key is further encrypted using a third key 
within the security module. The third key is never read 
out to the outside of the security module. 
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Description 

The present irvention relates to an inforniation pro- 
viding system and nrwre particularly to an information 
providing system which allows information to be pro- 
vided readily while ensuring information protection. 

The present application is based on Japanese Pat- 
ent Application No. 9-113939. ffled May 1. 1997. the 
content data of which is incorporated herein l>y refer- 
ence. 

With the advance of the Internet and the develop- 
ment of large-volume storage media such as DVDs and 
the like, various information providing services have 
been implemented regardless of online or offline. The 
information providers, which are companies that provide 
information as kjusiness. charge users for usage of 
information. 

Forms of charging include charging on the basis of 
the amount of time that information is used, charging on 
the basis of the amount of information (the number of 
bytes) that is used, charging on the t>asis of a unit of 
information (for example, a movie), and so on. Urxler 
the present circumstances, only the forms of charging 
determined by the information providers are inple- 
memed. To be specific, in a closed system in which ded- 
icated hardware is used, as in a cable television 
broadcasting service, a charging program is described 
in an application program installed in a data processing 
terminal (corriputer) on the user side or a server on the 
information provider side. In order to change the form of 
charging, therefore, it is required to rewrite the applica- 
tion program itself. It is tfius not so easy to change the 
charging form. To provide a variety of forms of charging, 
it is desirable to add a new form or forms of charging 
and allow users to make a choice from the set forms of 
charging. However, this needs to modify the program 
considerably. 

In addition, with the recent evolution of multimedia 
techniques, a case is also increasing in which one user 
subscrit>es to a number of information providers and 
receives a number of information providing sendees. In 
this case, an application program wilt be needed for 
each individual information providing service. The con- 
ventional charging facility, which is contained in an 
application program, cannot be commonly used in dif- 
ferent application programs. For this reason, when an 
information service provider creates a new application 
program, it is also required to create a new charging 
program. However, the charging function is inherently 
independent of applrcation programs and should t>e 
atsle to be used in common to different application pro- 
grams. Preparing a charging program for each applica- 
tion program offers drawtiacks that the program 
developing time is useless and each program increases 
in size and conplexity. 

The inventor of the present application proposed 
previously a system in which the usage of information 
(data processing function) and the charging process are 



separated from each other, the former toeing imple- 
mented by an application program, and the latter being 
implemented by a platform that differs from the applica- 
tion program (Japanese Patent Applrcation No. 8- 

5 259.433). Here, the information provider s^sarates 
information to be provided (hereinafter referred to as 
content data) or information, such as addresses, that 
kjentify content data and control information (referred to 
as a service description) required to utilize the content 

10 data or the information providing servica The service 
description includes information for identifying an appli- 
cation program utilizing content data to be provided, 
information for identifying a charging policy associated 
with the utilization of the content data, and information 

15 indicating a key needed to decrypt the coment data in 
encrypted form. An example of the service description 
hs such that a video playt>ack application "A" is needed 
to utilize a video data 'B**. the charge for tfiat video data 
"B" is 1 0OOyen and the user must pay a fee to Mr. "C" in 

20 accordance with a settlement method "D". In this man- 
ner, users are allowed to utilize content data on the 
basis of the sendee description. 

If the service description remained unprotected on 
the information transmitting path from £in information 

25 provider to a user or at the user site, the service 
description might be altered. In such case, the informa- 
tion provider wouki be unable to collect a charge and 
have its digital rights infringed. The digital rights include 
a copy right or a counterpart right for service creation or 

30 service provision which should be belonged to the pro- 
vider. 

The provider's digital rights include the right of the 
servrce description as well as the copyright of the con- 
tent data. For example, the information provider hias 

35 rights to claim that "content data shouki be used in this 
manner", "corrtent data should not be used in this man- 
ner*, eto. For example, one who wrote a computer pro- 
gram can daim that the program may be run txit no 
copying is allowed, or the program may be copied Ixrt no 

40 modifications are allowed and can define a charging 
policy such that the charge is lOyen per minute as the 
servrce description. The utilization that does not 
observe the service description constitutes an infringe- 
ment of the distal rights. If the service description was 

45 not protected, then malicious users could rewrite ttie 
charging policy to thereby make the charges for infor- 
mation free. In such case, the information provkler 
wouW suffer a great loss because the charging proces- 
sor fails to work. 

so- In order to protect the provider's digital rights, there- 
fore, it is required to protect the service description as 
well as the content data. Uke the content data, tiie serv- 
ice description is digital data and hence may be pro- 
tected by encryptioa That is, the content data and ttie 

55 service description are encrypted so thiat tiiey cannot be 
interpreted at the time of utilization in the absence of a 
key. such as a token or ticket issued by the information 
provkler. The key is transmitted from the information 
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provider to the user via a protected secure path inde- 
peridently of the service description. 

FIG. 1 is a block diagram of such a conventional 
system. A server 1 located on the provider side converts 
content data 3 into an encrypted form in an encryption s 
unit 4 and then sends it to a terminal 2 located on the 
user side. An encryption key is generated by a key gen- 
erator 6 and then transmitted by a key management unit 
5 to the user device 2 over a secure path which is differ- 
ent from that for the data 3. On the user side, the key is w 
stored in a key management unit 8 arxJ the encrypted 
content data is stored in a decryption unit 7. Using the 
key in the key management unit 8. the content data is 
decrypted in the decryption unit 7. whereby content 
data 9 ^ made availafc)le. is 

However, even if the key is transmitted to the user 
site over a secure path, once the key is passed to the 
user or the user's application program, there arises the 
possibility that the service description after decryption 
may l>e altered at the user site. Thus, there is an essen- 20 
tial drawback that the provider's digital rights may not be 
protected. 

Even if the service description is passed to a user in 
an erx^-ypted form that is not dependent on various con- - 
tent data transmitting fomns such as broadcasting, on- 2s 
demand. DVD, etc.. a key is passed to the user on 
demarxJ. It is not known when the user will make a serv- 
ice request For this reason, the information provider is 
required to run the key issuing server all the time. Ttiis 
will cost the information provkier and is not suitable for 30 
information providing service by individuals. 

Accordingly, it is an object of the present invention 
to provide an information providing system which per- 
mits information to be provided readily while ensuring 
information protection. 35 

According to the present invention, there is pro- 
vided an information providing system comprising a pro- 
vider device for providing information to users; a user 
device for utilizing information; and an information stor- 
age card adapted to be connected to the provider 40 
device and the user device and comprising means for 
storing a second key. in which the provkjer devfoe com- 
prises means for sending to the user device, a service 
package that describes information necessary for utili- 
zation of the provided information, the service package 45 
being encrypted in accordance with a first encryption 
system, and means for serxling to the user device, a 
first key used in tiie first enayption system, the first key 
being encrypted using the second key which is stored in 
the information storage card; and the user device com- so 
prises means for decrypting the encrypted first key 
within the information storage card. 

The service package after decryption is disabled 
from being retained within the user device or being out- 
put from the user device to outside. 55 

The encrypted service package is decrypted witWn 
the information storage card and the decrypted service 
package is disatrfed from being output to outside of the 



information storage card. 

The user device conrtprises service package 
decryption means for decrypting the efKrypted service 
package and means for c£sabling the service package 
decryption means from decrypting the encrypted serv- 
ice package when it is not guaranteed that the 
decrypted service package shoukj not be retained 
within the user device nor be output to the outside of the 
user device. 

The service package comprises information for 
identifying information to be provided, informatfon for 
identifying an applicatfon program tiiat utilizes the infor- 
mation to be provkied. and information indicating a 
charging policy relating to the utilization of the informa- 
tion to be provided, and the user device comprises an 
application p^ogram execution unit that operates in 
response to the decrypted application program identify- 
ing information, a charging unit that operates in 
response to the decrypted charging policy klentifying 
information. 

The application program execution unit is imple- 
mented by an application program, arxi the charging 
unit is implemented by a platform that Is different from 
the application program. 

The provider device comprises means for sending 
to the user device, a second charging policy identical to 
the charging policy contained in the encrypted service 
package without encryption. 

The first key used in the first erK:ryption system is 
generated in the information storage card. 

The first key used in the first encryption system is 
generated by an authorized agent and is written into the 
information storage card. 

The provider device comprises means for sending a 
ticket to the user device, the ticket associating informa- 
tion identifying the service package with information 
identifying a key used to encrypt that service package 
and the user device comprises means for identifying a 
key associated witii the service package to be utilized 
on the basis of the ticket. 

The information providing system further comprises 
a repeater unit for receiving the message data from the 
provider device and transmitting the received message 
data to the user device. 

According to the present invention, there is pro- 
vided another information providing system comprising 
a provider device for provkiing information to users: a 
user device for utilizing information; and a security mod- 
ule adapted to be connected to the provider device and 
the user device €ind comprising means for storing a sec- 
ond key in suc^ a way that it cannot be read out to out- 
side, in which the provider device comprises means for 
sending to the user device, a service package that 
describes information necessary for utilization of infor- 
mation, the service package t>eing encrypted in accord- 
ance witti a first encryption system, a first key used in 
the first encryption system being encrypted using the 
second key stored in the security module; and the user 
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device coinprtses means for decrypting the encrypted 
first key within the security module. 

According to the present invention, there is pro- 
vided an information providing device for providing infor- 
mation to users with an information storage card for s 
storing a secorxJ key, the device comprising means for 
trarismitting, a service package that descrtoes informa- 
tion necessary for utilization of the provided information, 
the service package being encrypted in accordance 
with a first encryption system; and means for trartsmit- 10 
ting a first key used in the first ^Kryption system, the 
first key being encrypted using the second key which is 
stored in the inforniation storage card. 

According to the present invention, there ts pro- 
vided still another information providing system for pro- is 
vkiing content data and message data in association 
with the oorrtent data, comprises means for calculating 
a first value of a unidirectional function or unicfirectional 
hash function to which the whole message data or parts 
of the message data are input a second value of a key 20 
generation function to which the first value is input, or a 
third value of a key generation fonction to which the first 
value and data included in the assodated message or 
stored in the device are input, as a key. 

The information providing system further conprises 2s 
means for attaching the message data with a digital sig- 
nature. 

The message data contains charging information 
concerning a charge for usage of the content data. 

The message data contains data described in a for- 30 
mat including SGML. HTML. MHEG. or XML. and their 
extended or limited format 

According to the present invention, there is still 
another information utilization device for use with an 
information providing system in which content data and ss 
its associated message data are provided arid the con- 
tent data is encrypted, the device comprising means for 
calculating a first value of a unidirectional function or 
unidirectional hash function to which the whole mes- 
sage data or parts of the message data are input, a sec- 40 
ond value of a key gen^-ation function to which the first 
value is input, or a third value of a key generation func- 
tion to which the first value and data included in the 
associated message or stored in the device are input, 
as a key. 45 

The message data is attached with a digital signa- 
ture. 

The message data contains charging information 
concerning a charge for usage of the contert data. 

The message data contains data descrOsed in a for- so 
mat including SGML, HTML, MHEG. or XML. and their 
extended or limited format 

According to the present invention, there is pro- 
vided still another information providing system conv 
prising an information providing device which, in ss 
encrypting content data using an encryption key. uses a 
value of a unidirectional function or unidirectional hash 
function to which at least two parts of message data 



associated with the content data as the encryption key 
and transmitting the encrypted content data; a repeater 
unit for receiving the rnessage data from the information 
providing device and transmitting the received message 
data; and an information utilization device which, in 
decrypting the encrypted content data transmitted from 
the information provkJing device using an decryption 
key. uses a value of a unidirectional function or unidirec- 
tional hash function to wfiich the whole message data or 
parts of the message data associated with the content 
data and transmitted from the information providing 
device or the repeater unit as the decryption key. 

The information providirrg devk:e encrypts the mes- 
sage data, and the repeater unit decrypts the received 
encrypted message data, encrypts the message data 
again and transmits the encrypted message data. 

The information provkfing device serxis the mes- 
sage data with a provider's signature attached, and the 
repeater unit verifies the signature on the received mes- 
sage data ajnd transmits the message data with a mes- 
sage data receiver's signature attached. 

The repeater unit is in the farm of the information 
utilization device. 

According to the present invention, \h&e is pro- 
vided an encryption device for encrypting content data 
arxl its associated message data to t>e separately ti-ans- 
mitted, the device comprising means for 

calculating an value of a unidirectional function or 
unidirectional hash function to which the whole 
message data or parts of the message data are 
input; arxJ 

means for encrypting the content data using the 
value of the unicGrectional function or unidirectional 
hash function as a key. 

The irrvention can be more folly understood from 
the following detailed description when taken in con- 
junction with the accompanying drawings, in which; 

FIG. 1 is a block diagram of a convernional informa- 
tion providing system; 

FIG. 2 is a t^lock diagram illustrating a system con- 
figuration on the provider side in accordance with a 
first emtxxJiment of an information providing sys- 
tem of the present invention; 
FIG. 3 is a block diagram illusb'attng a system con- 
figuration on the user side in accordance with the 
first embodiment of the present invention; 
FIG. 4 is a detailed block diagram of the service 
instance of FIG. 3; 

FIG. 5 is a block diagram of a security nxxiule in 
accordance with a second embodiment of the infor- 
mation providing system of the present invention; 
FIG. 6 shows a security module for a user havir>g a 
repeater function according to a second embodi- 
ment of the present invention; 
FIG. 7 shows a security nnodule for a repeater 
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according to the second enrtocfiment of the present 
invention; 

FIG. 8 shows a security nrwdule for an information 
provider having the repeater function according to 
the second embodiment of the present invention; 
FIG. 9 shows a communication protocol between 
two security modules for two terminals; 
FIG. 10 shows a system for an irribrmation provider 
according to a third embodiment of the pres^ 
invention; 

FIG. 1 1 shows a system for an agent or repeater 
according to the third embodiment of the present 
invention: 

FIG. 12 shows a system for a user according to the 
third embodiment of the present invention; 
FIG. 13 shows a modified system for the informa- 
tion provider according to the fourth embodiment of 
the present invemton; 

FIG. 14 shows a modified system for the agent 
according to tiie third embodiment of the present 
invention; and 

FIG. 15 shows a nrKxIified system for the user 
according to the third enrtxxliment of the present 
invention. 

A preferred embodiment of an information providing 
system according to the present invention will now t>e 
descried with reference to the accompanying draw- 
ings. 

(First Embodiment) 

Referring now to FIG. 2. there is illustrated an 
arrangement of a system on the information provider 
side in accordance with a first embodiment of the inven- 
tion. In tiie present invention, as in the conventional sys- 
tem described previously, in order to allow the charging 
function to serve as a platform, a data processing unit, 
such as a server, on tiie information provider side cre- 
ates a service package 10 that contains a pair of con- 
tent data (name of the corUent data) the information 
provider provides and information (referred to as serv- 
ice description) required tor control of the information or 
information representing the corresporxlence relation- 
ship t>etween the content data and the service descrip- 
tion. The service package 10 may include data 
described in accordance with a format such as 
SGML(Standard Generalized Markup Language), 
HTML(HyperText Markup Language), MHEG{Multime- 
dia and Hypermedis Experts Group), XLM(eXtensfl3le 
Markup Language), and their expanded or limited for- 
mats. The service package is such that MPEG data "Di" 
(the name or address of content data) is encrypted 
using a key "K2", processed by an application program 
"A^", arxJ subjected to a charging process "61". The 
user can actually make use of ttie corrt^ data on the 
t>asis of the service description in the service package 
10. Thus, the service package 10 comprises a charging 



policy 12 indicating the form of charging, an application 
pointer 14 indicating an application program that utilizes 
cont&it data, a data pointer 16 indicating the name or 
address of corrtertt data provided, and key data 18 indi- 
5 eating the key Kg required to encrypt data. The charging 
policy 12 includes a usage fee, a usage condition, a 
paying method, or a payee 

Content data 20 provided is encrypted in an 
encryption unit 22 usir>g the key Kg and then transmitted 
10 to a user site over a transmitting int&face (not shown). 
The encryption key Kg. which may be chosen freely by 
the provider, should preferably be one peculi£ir to the 
cont^ data. Encrypted content data may be distributed 
online via the Internet or offfine using DVD. 
IS The encryption system nr^y be either a common 
key system or a public key system. In the common key 
system, the key used to encrypt data and the key used 
to decrypt ^crypted data are the same. In the public 
key system, on the otiier hand, the encryption key and 
20 the decryption key are different and one of the keys is 
made put^lic with the other kept secret. The provider 
encrypts data using the user's putslic key. and the user 
decrypts the encrypted data using his or her secret key. 
Thus, the public key encryption can be adopted only 
25 when each user is identified. According to the public key 
system, the content data Is encrypted by using a public 
key Kg so tiiat a secret key corresponding to the putrfic 
key must be transmitted to the user. Even with the colon 
key system, the key Kg need not necessarily be con- 
30 tained in the service package 10 that is protected in 
accordance with the present invention. If there is a sep- 
arate secure path, the key may be trarismitted to the 
user over that path. 

The service package 10 itself is encrypted for trans- 
35 mitting to the user. This transmitting may be made either 
online or offline. It should be noted however that the 
service package 1 0 is encrypted using a key K^ which is 
different from tiie content encryption key Kg. and the key 
K^ itself is also encrypted using still another key Kq for 
40 transmitting to the user site. For encryption of the serv- 
ice package 10 and encryption of the encryption keys 
K, and Kg, in addition to the comnrw key system ttie 
public key encryption system may also be used pro- 
vided that each user is identified. 
45 The key K^ and the key Kq for enaypting the key K^ 
are kept abtsolutely unknown to ttie user. In the present 
invention, therefore, a security module 30 is used which 
is physically disabled from readout of data to outskle. 
The encryption is performed inside tiie module 30. In 
so order to increase terminal versatility, the module 30 
should preferably be made of a semiconductor informa- 
tion storage card (a smart card, PCMCIA card, or the 
like) which provides the physical protection of data. 
However, if the terminal is implemented as a dedicated 
55 one. the nxxfule does not necessarily t>e removably 
mounted like a card, but can be fixedly mounted to part 
of the terminal. 

The security module 30 comprises a key (Kq) mem- 
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ory 32, a key (K^) generata 34, encryption units 36 and 
42, an encrypted key (K^*) memory 38, and an 
encrypted key (K^') tran^rtting interface 40. The key 
generator 34 generates an encryption key peculiar to 
the service package 10 in accordance with information 5 
that identifies the externally suppfied service package 
10. However, the key need r^ necessarily be gener- 
ated within the module 30; it may be generated by a reli- 
able organization and written into the security module 
30. ,0 

The service package 10 is encrypted in the encryp- 
tion unit 42 using the key Ki and then transmitted to the 
user site via a transmitting interface not shown. The key 

used to encrypt the service package 10 is further 
encrypted in the encryption unit 36 using the key Kq is 
stored in the security nrKXlule 30. The key (Kq) memory 
32 consists of a nonvolatile memory. The key Kq is 
stored at the time of creating the nKxlule 30 in such a 
way that it can never be accessed from outside at a later 
time. The key Kq may be a key specific to the informa- 20 
tion provider irrespective of data/service package. 

The encrypted key K^* is stored in the memory 38. 
This is interxJed to omit work of encrypting the key 
each time the same service package 10 is encrypted. 
Thus, the key memory 38 can store keys K^' 25 
obtained by encrypting encryption keys K^, one for each 
of differert service packages, using the key Kq. If, when 
a certain service package is specified, the correspond- 
ing key exists among the keys Ki' already stored, it is 
only required to read that key from the menx>ry 38. 30 

The key * stored in the memory 38 is transmitted 
to the security module at the user site without being 
accessed from outside. When a semiconductor informa- 
tion storage card is used as the security module, the key 
K^* is transmitted to the user's card in accordance with 35 
a card-to-card communications protocol. Thus, the key 
K{ obtained by encrypting the service package encryp- 
tion key K, is not output to tiie outside of the security 
nxxlute 30 nor does it become krx}wn to the user, pre- 
venting the service package 10 from being altered by a 40 
thind party. 

It is not required that tiie encrypted service pack- 
age encrypted key KV be transmitted simultaneously 
with the encrypted service package. As descrtt^ed previ- 
ously, a key is peculiar to a service package. If, there- 45 
fore, there exist multiple encrypted service packages 
and multiple encrypted service package encryption 
keys Ki' at the user site and the correspondence rela- 
tionship between the service packages and the encryp- 
tion keys is unknown, the encrypted service packages 50 
cannot be decrypted. It is therefore desiratsle to send 
from the provider to the user information that is used to 
establish a corresporxtence between information for 
identifying service packages and information for identi- 
fying keys Ki used to encrypt those service packages. 55 
The information used to establish a correspondence is 
referred to as a ticket By so doing, the user will be at>le 
to know from the ticket a key Ki associated with a serv- 



k;e package he or she wants to utilize. 

FIG. 3 shows an arrangement of the ternrdnal at the 
user site. At the user site as well, a security nrKxjule 50 
is used which preferably is made of a semiconductor 
information storage card. The security module 50 com- 
prises a receiving interface 52. decryption urnts 54 and 
60, a key (Kq) memory 56. a key (KO memory 58. and a 
service execution unit 62. 

The user accosts the encrypted key KI' from the 
provider t>y secure module-to-module oomnruinications. 
The key K^' will therefore not be transmitted to any user 
who does not subscript to the provider. The encrypted 
key KI* is supplied through the receiving interface 52 to 
the decryption unit 54. Like the provider's security nxxS- 
ule 30, the user's security module 50 has the memory 
56 for storing the encryption key Kq. The memory 56. 
which is also a nonvolatile memory, is stored with the 
key Kq at the time of aeation of a card and is later made 
inaccessftsle from outside. Thus, the service package 
encrypted key K1 ' which was encrypted on the provider 
side using the key Kq can be decrypted on the user skle. 
Note that the public key encryption system may also be 
used here. The decrypted key K^ is temporarity stored 
in tiie meax>ry 58. This is also intended to omit work of 
decrypting the same encrypted key each time the 
same service package is decrypted. The memory 58 
has an enough capacity to store keys corresponding 
to a plurality of service packages. 

The encrypted service package is received by a 
receiving interface 64 and then temporarily stored in a 
service package menrwry 66. The encrypted content 
data are received by a receiving interface 68 arxi then 
stored in a content data memory 70. The encrypted 
service package is decrypted in the decryption unit 60 
in the security module 50 using the key K, stored in the 
mennory 58 and then entered into the service execution 
unit 62. The key K2 corrtained in the decrypted service 
package is supplied from tfie security module 50 to a 
decryption unit 72. This decryption unit 72 decrypts tiie 
encrypted content data stored in the memory 70 using 
tfie key K2. The decrypted content data is are delivered 
to a content reproducing unit (for example, a display 
unit) 74. 

The usei^s terminal further comprises a user inter- 
face 76 and a service control unit 78. The service con- 
trol unit 78 controls the key K^ menrrory 58. the service 
package memory 66, and the service execution unit 62. 

Refening now to FIG. 4. the service execution unit 
62 comprises a charging module 82 which performs a 
charging process on the basts of the charging policy 1 2. 
an application program 84 which is run on the t>asis of 
tiie application pointer 1 4 and the data pointer 1 6, and a 
data transfer processing module 86 which allows con- 
tent data 88 to be received in cooperation with the 
charging module 82 and the application program 84. 
The service execution unit 62 thus comprises hardware 
and software which are required to implement the infor- 
mation providing service on the basis of the service 
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description, and parameters that allow the hardware 
and software to work prc^edy. i,e., the unit is a collec- 
tion of iadlities required to implement the information 
providing service. 

The operation of the first emlxxlimerrt will be s 
descrtoed next The first embodiment makes it a condi- 
tion that the user uses the provider-distribiited security 
nrodule 50 having the key Kq memory 56. An encrypted 
service package and encrypted content data are trans- 
mitted to the user site ordtne via the irrternet or offline io 
using a large-volume storage medium such as a DVD, 
i.e.. in an arbitrary mode. When utilizing an infonmation 
providing service, the user receives a key peculiar to 
the service package from the provider. The user plugs 
the security module 50 that has received the key K^* into is 
the terminal. In the module 50. the encrypted service 
package is decrypted by the decryption unit 60 and a 
service instance is produced from the service package. 
At the same time, the encrypted content data is 
decrypted by the decryption unit 72 using the key K2 20 
contained in the service package. 

In the decrypted service package, the application 
program 14 and the data pointer 16 activate a predeter- 
mined application program 84. As the application pro- 
gram runs, the data transfer processing module 86 2s 
reads content data 88 from a server or storage medium 
to initiate the usage of the information providing service 
and the charging module 82 charges usage of the infor- 
mation providing service according to the charging pol- 
icy 12. 30 

As described above, according to the first emtxxii- 
ment, the content data 20 and the service package 10 
are encrypted using separate encryption keys and then 
transmitted to the user. The encryption key used to 
encrypt the service package 10 is further encrypted 35 
using an additional encryption key Kq and then transmit- 
ted to the user. This additional key Kq used to encrypt 
the service package encryption key is held in the 
merrwy 32 in the security module 30 that cannot be 
accessed from outside and the encrypted key K,' itself 40 
is directly transmitted to the user site on a module-to- 
module communications basis, in other words, in an 
externally inaccesstl^le state. Therefore, the user and 
the application program cannot rewrite the service 
package, which prevents the charging policy from being 45 
altered for illegal utilization of services. 

A modifrcation of the first embodiment will be 
described. In FIGS. 2 and 3. the security module has 
only circuits that meet minimum requirements built in. If 
it has room, however, the ena-yption unit 22 (FIG. 2) so 
and the decryption unit 72 (FIG. 3) may be built into the 
security nruxlules 30 and 50. respectively. 

In addition, the provider's security module 30 and 
the users security rrxxlule 50 may be arranged idemi- 
cally An example therefor is illustrated in RG. 5. A key ss 
(Kq) memory 100 is connected to an encryption/decryp- 
tion unit 102 to which a key (K^) memory 106 and a key 
(Kt*) memory 108 are connected. A transmitting/receiv- 



ing interface 1 10 is connected to the key (K,*) memory 
108. Information identifying a service package g given 
to a key (K^) generator 104, wHch generates a key 
used to encrypt that service package. The key is 
stored in the key memory 106 arxl supplied to a service 
package encryption/decryption unit 112 to which a 
transmitting/receiving interface 114 and a service exe- 
cution unit 1 1 6 are connected. 

In the module used by the provider, a key pecu- 
liar to a service package is generated or received from 
an external organization to encrypt the service package 
in the service package enayption/decryption unit 1 12. 
The resulting encrypted sendee package is transmitted 
over the transmitting/recefving interface 114 to a user 
site. At the same time, the key is encrypted by the 
encryption/decryption unit 102 using a key K© and the 
resulting encrypted key K^' is transmitted over the trans- 
mitting/receiving interfiace 110, 

In tiie module at the user site, the erv:rypted key ' 
received from the provider over the transmitting/receiv- 
ing interface 1 10 is decrypted in the encryptiorVdecryp- 
tion unit 102 using a key Kq and the decrypted key is 
then stored in the key (Ki) menrory 106. The encrypted 
service package received over the transmitting/receiv- 
ing interface 1 14 is decrypted in the service package 
encryptionWecryption unit 112 for application to tiie 
service execution unit 116. 

According to such an anrangemerrt. the provider 
and the user are alfowed to use the security modules of 
the same arrangement, providing an advantage of 
reduced cost. In this case as well, if there is room to 
accommodate nrwre hardware in the security module, 
the data encryption/decryption unit may also be built 
into the module. In addition, if the user keeps a security 
nrxxdule of the same arrangement as the provider's 
security nKxIule. there is no need for the provider to 
directiy send the service package encrypted key KV to 
the user In such a case, the user will be allowed to send 
the key K^' to other users. Further, the user can also 
send the key via security modules of a plurality of 
users, allowing the key to be comnuinicated from indi- 
vidual to individual like word-of-mouth comnumicatton. 
This will eliminate the need of operating the key putslish- 
ing server all the time and is therefore suitat)le for an 
information provkiing service by individuals. In this 
case, the users who merely repeats the key will not 
need all tine hardware of FIG. 5. but requires only ttie 
key (K^*) memory 108 and the transmitting/receiving 
interface 110. However, when the public key system is 
used, the encrypted key K,' must be decrypted once at 
each repeater terminal: therefore, in the arrangement of 
FIG. 5 it is only the service package encryption/decryp- 
tion unit 112. the transnrdttingA^eceiving interface 114 
arxj the service execution unit 1 16 that can be omitted. 

(Second Embodiment) 

Refemng to FIGS. 6 to 8, there is illustrated an 
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arrangement of a second embodiment in which the 
sennce package and key can be Treated via a 
repeater. The key must be repeated using the security 
modute. The service package is rxst necessary to be 
repeated using the security nrxxJule since it is 5 
encrypted. The service package can be stored in a per- 
sonal computer as a frie and read out to be transmitted 
to the other repeater or user. 

FtG. 6 shows a security module for the user having 
a repeater function. An input/output interlace 202 10 
receives the encrypted service package and the 
encrypted key Kt' from the information provider or 
repeater. The encrypted key K^* is supplied to a key 
receiver 208 of a key management section 204. The key 
management section 204 comprises a key controller 75 
206, key memory 210. and key transmitter 212 in addi- 
tion to the key receiver 208. The encrypted key K^* is 
written into the key memory 210 by the key receiver 
208. The key k^* read out from the key memory 210 is 
si43pfied to the key transmitter 21 2. The key transmitter 20 
212 sends out the key k^' via the I/O interface 202. 
Thus, the encrypted key K^* is repeated by the user's 
security module. 

The user's security module further comprises a 
service package decryption unit 214. a service execu- ss 
tion unit 216, and a service control unit 218. The I/O 
interface 202 supplies the input service package 
(encrypted service package) to the package decryption 
unit 214 in which the encrypted service package is 
decrypted t>y using the key K^' suppTted from the key 30 
memory 210. The encrypted service package is sup- 
plied to the service execution unit 216 which causes the 
information providing service to be started. In the same 
manner as the first embodiment, the service execution 
unit 21 6 is controlled by a service control unit 218. 35 

FIG. 7 shows a security module for the repeater. An 
input/output interface 222 receives the encrypted key 
Ki* from the information provider or repeater. The 
encrypted key K^' is supplied to a key receiver 228 of a 
key management section 224. The key management 40 
section 224 comprises a key controller 226, key mem- 
ory 230, and key transmitter 232 in addition to the key 
receiver 228. The encrypted key K,* is written into the 
key memory 230 by the key receiver 228. The key k^* 
read out from the key menwry 230 is supplied to the key 45 
transmitter 232. The key transmitter 232 sends out the 
key ki' via the I/O interface 222. Thus, the key K^' is 
repeated by the repeater's security module. 

FIG. 8 shows a security modute for the information 
provider having a repeater function. An input/output so 
interface 242 receives data necessary for synthesize 
the sendee package. The security module comprises a 
key management section 244 which is formed of a key 
generator 248, key controller 246, key menwry 250. and 
key transmitter 252. The key generator 248 generates ss 
an encrypted key K^* which is an encrypted form of the 
encryption key of the service package 10. The key 
Ki* is stored in the key memory 250. The key kV read 



out from the key memory 250 is supplied to the key 
transmitter 252. The key transmitter 252 sends out the 
key kt* via the I/O interface 242. 

The provider's security module further comprises a 
service package synthesis unit 254, a service package 
encryption unit 256, arxj a service package generation 
controller 258. The I/O interface 202 supplies the input 
data to the service package synthesis unit 254 in which 
the service package is synthesized based on the input 
data. The sennce package output from the service 
package synthesis unit 254 is encrypted by the service 
package encryption unit 256. The encrypted service 
package is externally output from the t/O interface 242. 

FIG. 9 shows a key transmission protocol between 
two terminals each liaving a security module. When the 
user of a terminal "A" wishes to receive the key from a 
terminal "B", the terminal "A" sends a transnrdssion 
request to the terminal "B". The terminal "B" communi- 
cates with its security module a transmission command 
and then sends a reception request to the terminal *A". 
The terminal "A" communicates with its security module 
a reception command and then sends a reception 
agreement to the terminal "B". When the terminal "B" 
sends a start comnricind to its security module, the secu- 
rity modules of the terminal "B" and terminal "A" start 
verification process and then the session is setup 
between the security modules of the terminal "B" and 
terminal "A". The key is transmitted from the security 
module of the terminal "B** to the security module of the 
terminal "A". After the session is terminated, the secu- 
rity module of the terminal "B" reports the terminal "B" of 
the complete of transmission and the security module of 
the terminal "A" reports the terminal "A" of the complete 
of reception. 

According to the second embodiment there can t>e 
provided a security nxidule in which the service pack- 
age and the key can be repeated. 

According to the first and second emlxxliments, as 
in the conventional system described previously, in 
order to allow the charging function to serve as a plat- 
form, a dafa processing unit, such as a server, on tiie 
information provider side creates a service package 10 
that contains a pair of content data (name of the content 
data) the information provider provides and control 
information (referred to as service description) required 
to utilize the content dafa. 

An information providing system can be provided 
which provides service package security protection at 
the user site, including the treinsmitting path from the 
information provider to the user. 

(Third Embodiment) 

In the tiiird embodiment, the provider encrypts con- 
tern dafa and the encrypted content data are transmit- 
ted to the user directiy or via an agent for repeating 
data. The service description (hereinafter referred to as 
a message) assodated with the content data is trans- 
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mitted to the user directly or via the agent The exanv 
pies of the service description is the same as that of the 
first embodiment. The number of agents through which 
the data is transmitted is not limited to one. The agent is 
not Rmited to a person who only repeats the data. Other 5 
users can be agents. The third embodiment is charac- 
. terized in that the content data and/or message are 
transmitted to an end user via another user or agent 
FIG, 10 is a schematic representation of a server on the 
provider side, FIG. 1 1 is a schematic representation of a w 
system on the agent side, and FIG. 12 is a schematic 
r^esentation of a terminal on the user side. 

Content data CN. such as video, music, images, 
etc., which are information to be delivered, are 
encrypted by an encryption unit 312 and then pubfished is 
as encrypted contertt data CN* (= T(CN)) to the agent or 
user. A message M associated with the content data 
contains ntultiple (at least two) sutxnessages and 
M2. The encryption unit 31 2 uses, as an encryption key 
K. an output of a correlation unit 314 in which the sub- 20 
messages and M2 are input to a unidirectional func- 
tion or unidirectional hash function f(Mi, M2}. a value of 
a predetermined key generation function to which the 
output of the conelation unit 314 is input or a value of 
the predetermined key generation function to which the 2s 
output of the correlation unit 314 and data included in 
the assodated message or stored in the device are 
input, therefore, the content data encryption key K are 
correlated with the submessages Mi. M2 associated 
with the content data. 30 

Unlike the content data CN, the message M is 
appended with a digital signature of the provider "A" in a 
signature unit 316 and a signed message M^ign (= 
Sa(Eb(M))) is transmitted to the agent or user. Here, 
Eb(M) is an encrypted message obtained by encrypting 35 
the message M using a putjiic key of the agent "B" (or a 
common key that the provider "A" and the agent "B" 
share) in order to transmit the message M to the agent 
B. Sa{Eb(M)) represents the encrypted message Eb(M) 
appended with the digital signature of the provider "A". 40 
Hereinafter, E. D. S and V represent operations of 
encryption, decryption, signature, and verification, 
respectively. The purpose of transmitting of the mes- 
sage M with the digital signature is to guarantee that the 
message is a true message transmitted from the pro- 45 
vider. 

As shown in FIG. 11, in the message agent's sys- 
tem, the message M^jgn with the digital signature is ver- 
ified by a signature verification unit 322 and the original 
message M (= DB(yft(M6jgn)) is reproduced. Here, so 
YftC^sign) 'S the encrypted message for which verifica- 
tion has been made tfiat it was signed by the provider 
"A", and DB(VA(Msign)) is a message in plaintext 
obtained by decrypting the encrypted message 
VA(Meign) using the seaet key of the agent "B" (or the ss 
common key that the provider "A" arKi the agent "B" 
share). 

Suppose here that the agent is malicious and alters 



part of submessages and M2 to yield M^' and M2 by 
using a forgery unit 324. It is assumed that at least one 
of M^* g£ M2 and Mt* 9t M2 is satisfied. The agent "B" 
attaches the own digital signature to the forged mes- 
sage by ustr^ a signature unit 326. The forged mes- 
sage with the signature M'^ign {= SB(Ec(M'3igJ)) is 
transmit to the user. Altemativ^y. the signed message 
M sign niay be transmitted to the user via still another 
agent 

As shown in FIG. 11, the agenfs system can be 
implemented kjy a conventional data processing appa- 
ratus, such as a personal computer. For a honest agent, 
the message is received and m^ely retransmit to the 
agent or user. Therefore, the forgery unit 324 is 
replaced with a mere buffer memory. 

As shown in FIG. 12, in the user's system, the mes- 
sage M'sjgn with the digital signature transmitted from 
the provider or agent (in this case, the message is 
forged by the agent) is verified in a signature verification 
unit 332. The original forged message M' (= 
Dc(VB(M*sign)) ^ oljlained. Here. VB(M'sign) the mes- 
sage M* forged and signed t>y the agent "B", and 
^c(VB(M*stgn} a message in plaintext obtained by 
decrypting the encrypted message M', for which va^ifi- 
cation has been made that it was signed by the agent 
"B", i^ing the secret key t>elongtng to the user "C" (or 
the comnx)n key that the agent "B" and the user "C 
share). The encrypted content data CN' is decrypted by 
a decryption unit 336. The decryption unit 336 uses, as 
a decryption key K". an output of a correlation unit 334 in 
which the sutjmessages M^' and 1^2' contained in the 
message M* are input to a unidirectional function or uni- 
directional hash function f{M^\ Ms*), a value of a prede- 
termined key generation function to which the output of 
the correlation unit 314 is Input or a value of the prede- 
termined key generation function to which the output of 
the correlation unit 314 and data included in the associ- 
ated message or stored in the device are input, tf the 
message M is not forged by the agerrt. then ttie key K' 
supplied to the decryption unit 336 will be equal to the 
key K supplied to the encryption unit 31 2 on the provider 
side. In this case, however, the message is forged as 
descried above, the key K* supplied to the decryption 
unit 336 is f (Ml'. M^l- 

If the message M is not forged by the agent then 
the key K* equals to the key K and the decrypted content 
data CN" (= R(CN')) matches the content data CN on 
the provider sida 

However, when, as shown in FIG. 1 1 , the agent 
forges the message, the key K* to the decryption unit 
336 is IC = f(Mi\ M2I Mg). resulting in a mis- 

match t>etween the decrypted contern data CN" and the 
original content data CN. In other words, the original 
content data are not availaksle on the user side. In such 
case, the user wiP suppose that the message given by 
the agent is not conrect. that is, the agent would have 
comnBtted some injustice, and then notifies the provider 
of that As a result the provider sends the correct mes- 
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sage directfy to the user, thus allowing the user to 
decrypt and utilize the content data. 

In the evem that the agent has altered the submes- 
sage Ml to Ml \ in order to cause the decryption key fC 
(= f(Mi\ Ma*)) to match the encryption key K (= f^^. s 
M2)). it is required to change the other submessage M2 
as well to M2' that satisfies f{Mi\ M2I = K. Since the 
function f is a unidirectional one, however, it is alnnost 
imposstole for the malicious agent to find M2 that satis- 
fies f(Mt'. Mj*) = K, i.e.. M2 that allows K to be changed 10 
toK. 

As descril>ed so far, according to the third embodi- 
ment, by making a content data encryption key a unidi- 
rectional function or unidirectk}nal hash function of the 
whole message or parts of the message Qn this embod- is 
iment two parts of the message) associated with the 
content data, that is, by con-elating the encryption key 
with the message, the decryption of the content data 
becomes disabled when the message is forged. It there- 
fore becomes possa^le to present unauthorized usage of 20 
content data and protect the digital rights of information 
providers. In addition, since the encryption key is never 
known to the users and agents, encrypted content data 
can never be decrypted illegally. Moreover, since the 
message containing at least two submessages used to 25 
generate an encryption key can be transmitted offline to 
the final user via the agent or other agents, there is no 
need of installing a key issuing server and hence the 
cost involved in providing information is reduced. This is 
suitable for an information providing service by indivk:lu- 30 
als. 

(Detailed Example) 

Detailed example of a specific application of the 35 
third embodiment will be described next As an exam- 
ple, it is assumed that the content data CN are MPEG- 
compressed video and the message M contains cfiarg- 
ing information for billing a user for video. The provider 
"A" describes in the submessage Ml charging informa- 40 
tion such that user should pay the provider "A" lOOOyen 
for this video. The submessage M2 may contain the 
name of video information (content data) or a data 
pointer indicating the address of the video information, 
an application pointer indicating which of application 45 
programs is to be used for the corrtent data, etc, as 
shown in FIG. 2. It should be noted that the nuntjer of 
submessages used to generate an encryption key is not 
limited to two. txjt may be three or more. 

The provkler "A" passes the message M to an so 
agent "B" with its signature attached. 

The agent verifies the signature of the message M 
and then sends it to a user directly or via another agent 
with its signature attached. 

The user can decrypt the content data using the key ss 
generated from the submessages Ml and M2 of the 
message M thus received. 

Suppose here that a malicious agent "B" alters the 



submessage Ml to a submessage Ml* describing that 
user should pay the agent "B" 1 .OOOyen and s&nds it to 
the user with its signature attached, (n such a case, the 
user will know from this message Ml* that it is to the 
agent "B" th»t he or she shoukJ pay 1 .OOOyen for usage 
of content data. However, since the message has been 
forged, the correct encryption key cannot t>e obtained, 
so that the user fails to decrypt the encrypted content 
data. It turns out on contact with the provkJer "A", that 
the agent "B" forged the message. Thus, it is posstole to 
cause a malicious agenfs plot to forge a message and 
take a charge to be paid to the provider "A" to end in fail- 
ure. 

(Fourth Embodiment) 

In the third enrbodiment it is not required ttiat a dig- 
ital signature is attached to the message. The fourth 
embodiment is a nxxltfication of the third embocGment in 
which the message is directly transmitted wittKUJt a dig- 
ital signature. FIG. 13 is a schematic representation of a 
server on the provider side. FIG. 14 is a schematic r^ 
resentation of a system on the agent side, and FIG. 15 
IS a schematic representation of a terminal on the user 
side. The provider does not attach the digital signature 
to the message. The agent does not perform a signa- 
ture verification and merely relay the received message 
to the other agent or user. The user correlates the sub- 
messages irrctuded in the received message. 

Additional advantages and modifications will readily 
occur to those skilled in the art. Therefore, the present 
invention in its broader aspects is not limited to the spe- 
cific details, representative devices, and illustrated 
examples shown and described herein. Accordingly, 
various modifications may be made without departing 
from the spirit or scope of the general inventive concept 
as defined by the appended claims and their equiva- 
lents. 

For example, in the first and second embodiments, 
the user cannot know the charging policy data without 
decryption and a security module is need for decryption. 
The user has no security module before service utiliza- 
tion. This is inconvenient for users. For this reason, it is 
desirable that a second charging policy identical to a 
charging policy to be transmitted in encrypted form be 
prepared separately and transmitted to the user site 
without encryption. The user can know the second 
charging policy data to decide whether to utilize the 
service or not. In this case, it is the charging policy con- 
tained in the decrypted service package that is transmit- 
ted to the service execution unit 62. However, a third 
party might alter the second charging policy in plaintext 
to render a charge for service free. This affords little 
user protection, tt is therefore desirable that the user 
device be equipped with means for making a corrtpari- 
son between the decrypted charging policy and the sec- 
ond charging policy and disabling service utilization 
when the conparison indicates inequality 
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In the first and second embodiments, in order to 
keqs the decrypted service package unknown to the 
user, the decryption unit 60 and the service execution 
unit 62 are installed In the security module 50. That is. 
hardware is used to prevent alteration of information. Of 5 
course, the service package may be protected by soft- 
ware. A certificate that guarantees that the service 
package and the key are not output to outside nor 
retained may be attached to a service Instance itself 
which is software for implementing the s^ice package, w 
In the absence of this certificate, the service package is 
disabled from beir^ decrypted. In this case, the decryp- 
tion unit 60 and the service execution unit 62 need not 
be installed in the security module 50. Further, if. when 
hardware is used to prevent alteration of information, 15 
the user's terminal is reliable, the decryption unit 60 and 
the service implemeriting unit 62 may not necessarily 
be provided in the security nxxluie 50. Although l>eing 
inplemented k>y a platform, the service package 
decryption unit and/or charging system may be imple- 20 
mented as an application program as with normal data 
processing. 

It is not necessarily required that an agent or 
agents Intervene between a provider and a user accord- 
ing to the above-mentioned embodiments. With no 25 
agerrt a message may be transmitted from the provider 
to the user together with encrypted content data. In this 
case, the need of signature transfer processing through 
message is saved. 

The transfers of content data and messages may 30 
be made online via the internet or offline through DVDs. 

In the third embodiment, the signature encryption 
may be either public key-t>ased or common key-based. 
The message may include not only charging information 
but also data described in accordance with a format 35 
such as SGML (Standard Generalized Markup Lan- 
guage). HTI^L (HyperText IVIarkup Language). 
MHEG(Multimedia and Hypermedia Experts Group). 
XML(eXtensible Markup Language), and their extended 
or limited format or the like. 40 

When the correlation unit 341 on the user side 
which calculates a unidirectional function or untdtrec- 
tional hash function value is built into the security mod- 
ule, such as a semiconductor chip, a smart card, or the 
like, which is pfiysically disabled against readout as 45 
well as a decrypting unit for the content data, the secu- 
rity can be further increased because the key K is never 
read out to outside. The reason is that if a user inter- 
venes t>etween the module in which the unidirectional 
function or unidirectional hash function is used to calcu- so 
late the key K and the module in which the content data 
are decrypted, the user will be able to know the value for 
key K to thereby decrypt the content data, associate an 
errtirely different message with the decrypted content 
data, and encrypt tiie content data using a different key. 55 
It must be avoided to make it possible to decrypt 
encrypted content data readily with rx> need of a mes- 
sage. 



As described above, according to the present 
invention, there is provided an information providing 
system whk^ has a facility of protecting content data 
and provider's rights at the user site including a trans- 
mitting path from an information provider to a user and 
permits information to be delivered readily. 

Cfaims 

1. An information providing system comprising: 

a provider device for providing information to 

users; 

a user device for utilizing information; and 
an information storage card adapted to be con- 
nected to the provider device and the user 
device and comprising means for storing a sec- 
orxJ key, 

characterized in that 

the provider device comprises means (42) for 
sending to the user device, a servrce piackage 
that describes information necessary for utiliza- 
tion of the provkJed information, the service 
package t>eing encrypted in accordance with a 
fir^ encryption system, and means (40) for 
sending to tiie user device, a first key used in 
the first encryption system, the first key being 
encrypted using the second key which is stored 
in tiie information storage card; and 
the user device comprises means (54) for 
decrypting the encrypted first key within the 
information storage card. 

2. The information providing system according to 
daim 1 . characterized in that the service package 
after decryption is disatsled from being retained 
within the user device or being output from the user 
device to outside. 

3. The irrformation providing system according to 
daim 2. characterized in that the encrypted service 
package is decrypted within the information storage 
card and the decrypted service package is disabled 
from being output to outside of the information stor- 
age card. 

4. The information providing system according to 
daim 2. characterized in that the user devk;e com- 
prises service package decryption means (60) for 
decrypting the encrypted service package and 
means for disabling the service package decryption 
means from decrypting the encrypted service pack- 
age when it is not guarar^eed that the decrypted 
service package sfiould not be retained within the 
user device nor be output to the outside of the user 
device. 

5. The information providing system according to 
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daim 1 , characterized in that the service package 
comprises information (16) for identifying informa- 
tion to be provided, information (14) for identifying 
an application program that utilizes the infomrtation 
to be provided, and information (12) indicating a $ 
charging policy relating to the utilization of the infor- 
mation to be provided, and the user device conv 
prises an application program execution unit (62) 
that operates in response to the decrypted applica- 
tion program identifying information, a charging unit w 
that operates in response to the decrypted charging 
policy identifying information. 



6. The information providing system according to 
daim 5, characterized in that the application pro- 
gram execution unit is implemented by an applica- 
tion program, and the charging unit is implemented 
by a platform that is different from the application 
program. 

7. The information providing system according to 
daim 5. characterized in that said provider device 
comprises means for sending to the user device, a 
second charging policy identical to the charging 
policy contained in the encrypted service package 
without encryption. 

8. "The information providing system according to 
daim 1. characterized in that the first key used in 
the first encryption system is generated in the irrfor- 
mation storage card. 

9. The information providing system according to 
daim 1 , characterized in that the first key used in 
the first encryption system is generated fc>y an 
authorized agent arxi is written into the information 
storage card. 

10. The information providing system according to 
daim 1. characterized in that the provider device 
comprises mear^ for sending a ticket to the user 
device, the ticket associating information identifying 
the service package with information identifying a 
key used to encrypt that service package and the 
user device comprises means for identifying a key 
associated with the service package to be utilized 
on the basis of the ticket. 

11. The information providing system according to 
daim 1. which further corrprises a repeater unit for 
receiving the message data from tfie provider 
device arxj transmitting the received message data 
to the user device. 

12. An information providing system comprising: 

a provider device for providing information to 
users: 



a user device for utilizing inforniation; arxl 
a security module adapted to t>e connected to 
the provider devfoe arxJ the user device and 
corrprising means for storing a second key in 
such a way tfiat it cannot be read out to outside, 
characterized in that 

the provider device comprises means (42) for 
sending to the user device, a service package 
that describes information necessary for utilisa- 
tion of information, the service package being 
encrypted in accordance witti a first encryption 
system, a first key used in the first encryption 
system being encrypted using the second key 
stored in the security module; and 
IS the user device comprises means (54) for 

decrypting the encrypted first key within the 
security nxxlule 

13. An information providing device for providing infor- 
20 mation to users with an information storage card for 

storing a second key. the device comprising: 

means (42) for transmitting, a service package 

that describes information necessary for utiliza- 
25 tion of the provided information, the service 

p>ackage being encrypted in accordance with a 

first encryption system: and 

means (40) for transmittir>g a first key used in 

the first erYcryption system, the first key being 
30 encrypted using the second key which is stored 

in the information storage card. 

14. An information providing system for providing con- 
tent data and message data in association with the 

35 content data, characterized by conprises: 

means (314) for calculating an value of a unidi- 
rectional function or unidirectional hash func- 
tion to which the whole message data or parts 
40 of the message data are input; arxJ 

means for encrypting the content data to be 
provided using ttie value of the unidirectional 
function or unidirectional hash function as a 
key. 

45 

15. The information providing system according to 
daim 14, characterized by further comprising 
means tor attaching the message data with a digital 
signature. 

50 

16. The information providing system according to 
daim 14. charactaized in that the message data 
contains charging irrformation concerning a charge 
for usage of the content data. 

55 

17. The information providing system according to 
daim 14, characterized tn that the message data 
contains data descrit>ed in a format induding 
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SGML, HTML, MHEG. or XML, and their extended 
or finrtited format. 

18. An information utilization device for use with an 
information providing system in which content data 5 
and rts associated message data are provided and 
the content data is encrypted, the device compris- 
ing: 

means for calculating a first value of a unidirec' io 
tional function or unicfirectional hash function to 
which the whole message data or parts of the 
message data are input, a second value of a 
key generation function to which the first value 
is input, or a third value of a key generation is 
function to which the first value and data 
included in the associated message or stored 
in the device are input; and 
means for decrypting the encrypted conterrt 
data using the value of the unidirectional tunc- 20 
tion or unidirectional hash function as a key. 

19. The information utilization device according to 
claim 18, characterized in that the message data is 
attached with a digital signature. 25 

20. The infornnation utilization device according to 
daim 18. characterized in that the message data 
contairts charging information concerning a charge 

for usag e of the content data. 30 

21. The information utilization device according to 
claim 18. characterized in that the message data 
contains data described in a format including 
SGMU HTML. MHEG. or XML. and their extended 35 
or limited format. 

22. An information providing s^em characterized by 
comprising: 

40 

an information providing device which, in 
enaypting content data using an encryption 
key. uses a first value of a unidirectional func- 
tion or unidirectional hash function to which the 
whole message data or parts of the message 45 
data are input, a second value of a key genera- 
tion function to which the first value is input, or 
a third value of a key generation function to 
which the first value and data included in the 
associated message or stored in the device are so 
input as the encryption key and transmitting 
the encrypted content data; 
a r^eater unit for receiving the message data 
from the information providing device and 
transmitting the received message data; and ss 
an information utilization device which, in 
decrypting the encrypted content data trans- 
mitted from the infornnation providing device 



using an decryption key. uses a value of a vrv- 
directional function or unidirectional hash func- 
tion to which the wfiole message data or parts 
of the message data associated with the con- 
tent data and transmitted from the inforn^tion 
providing device or the repeater unit as the 
decryption key. 

23. The information providing system according to 
daim 22, characterized in that the information pro- 
viding device encrypts the message data, arxJ the 
repeater unit decrypts the received encrypted mes- 
sage data, encrypts the message data again and 
transmits the encrypted message data. 

24. The information providing system according to 
daim 22. characterized in that the information pro- 
viding device sends the message data with a pro- 
vider's signature attached^ and the repeater unit 
verifies the signature on the received message data 
arid ticmsmits the message data with a message 
data receiver's signature attached. 

25. The information providing system according to 
daim 22. characterized in that the repeater unit is in 
the form of the information utilization device. 

26. An encryption device for encrypting content data 
and its assodated message data to be separately 
transmitted, characterized by con^rising: 

means for calculating an value of a unidirec- 
tional function or unidirectional hash function to 
which the whole message data or parts of the 
message data are input; and 
means for encrypting the content data using 
the value of the unidirectional function or unidi- 
rectional hash function as a key. 
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